The Social Media Privacy Act

Across the country, a growing number of employers and schools are demanding that applicants, employees and students hand over the passwords to their private social media accounts such as Facebook. That’s unacceptable.

Private communications and activities deserve the same protections online and offline. We would never allow employers or school staff to search our homes, read our diaries or mail, listen in on private gatherings with friends, or look at our private videos or photo albums. Our digital data deserves the same protection.

• Demanding access to private social account passwords.
• Requiring an individual to log into their account in front of an employer or school staff person to enable that person to poke around.
• Requiring an individual to "friend" a coach, school administrator, or employer as a condition of employment or participation in school activities.

Even on sites where the default is public, or a user has chosen to make a lot of information public, it is usually possible to send and receive private messages. When an employer or school obtains an individual's password, they are able to access everything in a person's account, including private messages and content.

That's not right.

The line should be clear: any communications not intended to be viewable by the general public are out of bounds for employers or school officials. If it's private in your desk at home, it should be private in your Facebook or Twitter account.

• Protect worker privacy.
• Protect student privacy.
• Protect your privacy. When a person is forced to share the password to a private account, it exposes the private lives of friends, family, clients, and anyone else with whom that person may have communicated online.
• Protect businesses. Gaining access to an applicant's social network can expose a lot of information-- like age, religion, ethnicity, sexual orientation, or pregnancy-- which employers are forbidden to ask about. This legislation will protect employers from discrimination claims made by rejected applicants.

• Prevent access to information that is publicly available.
• Stop officials from intervening in public safety emergencies.
• Change current law regarding background checks.
• Impede access to investigations required by law.
• Prevent courts from ordering access in criminal or civil investigations.

More than twenty-six states have already passed similar laws ―including Arkansas, California, Colorado, Connecticut, Delaware, Illinois, Louisiana, Maine, Maryland, Michigan, Montana, Nevada, New Hampshire, New Jersey, New Mexico, Oklahoma, Oregon, Rhode Island, Tennessee, Utah, Vermont, Virginia, Washington and Wisconsin.

The legislation contains well thought-out exceptions―whenever access is required by state or federal law, for any legally-required investigations, in true emergencies involving danger of death or serious injury, and for dual-purpose accounts under the federal Securities Exchange Act. Courts can also order access when appropriate in criminal or civil litigation. The bill’s exceptions should not be expanded, or they will swallow the rule and undermine its purpose―protecting privacy.